Slashdot Mirror


When Malware Authors Combine Efforts

An anonymous reader writes "Spammers, hackers and virus writers are all teaming up, according to some Russian security researchers. This means that they reckon that weaknesses will be exploited in a matter of hours of being announced, rather than the weeks and months that we're seeing now. Scary stuff."

16 of 306 comments

  1. And just yesterday by Anonymous Coward · · Score: 5, Interesting
    1. Re:And just yesterday by networkBoy · · Score: 3, Interesting

      I think I can reconcile this:
      There will be a few groups who work in strategic alliances. The very scary part about this will be the "power" behind some of the malware campaigns. I think CoreWars, running on every windowz box that isn't hardened really is going to happen.
      This should prove to be interesting, especially when governments step in with the non-judiciary non-legislative branches because a real security leak is caused by one of these programs. Think a pissed off NSA (not a politicking one) of the "good 'ol days".
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  2. Public disclosure... by PincheGab · · Score: 4, Interesting

    So where does this place public disclosure advocates? Are people going to demand that makers of affected software have a 24/7 programming staff ready to plug leaks just so weaknesses can be disclosed immediately? In light of this, even I would favor not publicly disclosing weaknesses immediately!

    1. Re:Public disclosure... by paulthomas · · Score: 2, Interesting

      RFP has a fairly respected document on public disclosure methods. The idea is basically that public disclosure happens only when there is no vendor response or when vendor response irresponsibly wanes. I agree that immediate public disclosure is not the right approach to take.

      http://www.wiretrip.net/rfp/policy.html
      -Paul

    2. Re:Public disclosure... by jrl · · Score: 2, Interesting

      The flip-side to your argument is that many of the exploits are found by "bad guys" before they are rediscovered by "good guys".

      By definition, the "bad guys" don't typically believe in disclosure as it takes away another one of their 0day toys.

      By disclosing weaknesses immediately you allow information owners to take precautions to protect their infrastructure, even if that means making the resource unavailable until a patch is provided by the vendor.

      It is naive to believe that only "good guys" find problems. As soon as someone is considerate enough to share the problem, I believe it is in our best interest to be notified of it as soon as possible.

    3. Re:Public disclosure... by SeaFox · · Score: 2, Interesting

      You know what? Business needs remain the same regardless of how fast hackers are writing exploits. Few companies, Microsoft included, could afford to have a 24x7 staff of patch writers for all of the applications they have deployed.

      Well, maybe if they tested the software better and built it more secure from the start they wouldn't need a 24x7 staff of patchers.

      Haha. But that would imply the product is being driven by developers and engineers, not marketing people.

    4. Re:Public disclosure... by DaHat · · Score: 2, Interesting

      Just because you can get a patch out faster in the OSS world doesn't mean you should. It's pretty easy to open up a block of code and fix a bug (provided you know what it is, where it is and how to fix it); it's the testing to make sure that your fix didn't break anything else and that your system still works exactly like before (other than the fixed bug, of course) that is the time-consuming part.

      Does Microsoft spend weeks doing regression and unit testing? I do not know; however, the assumption that because a patch can get out faster in the OSS world it is therefore better is not a very good one.

      Having patch writers on hand 24x7 would be great for the actual fix, but would not reduce the amount of time required to make sure that the fix works and is safe.

      It should be pointed out that the advantage of a proprietary model of development vs the FOSS one is one of liability. A patch needs to have at least the same, if not better, quality (speed, error proneness, etc.) than the bits that it is replacing. It is far easier for a small FOSS group to release a quickly written and tested fix than it is for Microsoft to. Despite popular belief, Microsoft has extremely high quality standards. How many companies do you know who have programmers on call 24x7 should their code break a build?

  3. Many shallow eyes... by Onimaru · · Score: 2, Interesting

    ...make deep bugs deeper. FOSS philosophy applied to viruses. Yikes.

    --
    adam b.
  4. Organized Crime? by jellomizer · · Score: 4, Interesting

    Isn't this the same as organized crime? So a bunch of internet thugs organize to advertise more stuff, because they realized it will be more effective if they worked together. Will this raise the cost of protection money to use the internet?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  5. No surprise- by IWantMoreSpamPlease · · Score: 5, Interesting

    Used to be (way back in 2003 or so) AdAware was all you needed (and Norton AV or a workalike)

    But now, man some of the things I've seen are really nasty!

    You wipe 'em out, they come back, they hide from searches, morph into other programs, I've even seen one (I shit you not, I've been in IT for 10+ years, never seen anything like this one!) that was active even when the infected drive was placed as a slave on another machine, it started right up and infected the new PC.

    This goes way beyond simple spyware; these people are teaming up and it's just the beginning.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  6. serve yourself and save by to_kallon · · Score: 3, Interesting

    "They work in groups that exchange information with other groups on forums and Web sites."
    erhmm....
    ianase (i am not a security expert) but wouldn't that statement apply to, hmmmm....., oh i don't know.....THE INTERNET?? seriously, a broad, vague, statement like that suggests to me that this is mostly overreaction on the part of a group who could experience significant gains IF their statements were true.
    fud? imho, yes.

    --
    The only way to get rid of a temptation is to yield to it.
    -Oscar Wilde
  7. Security Through Obscurity by TrollBridge · · Score: 2, Interesting
    "This means that they reckon that weaknesses will be exploited in a matter of hours of being announced, rather than the weeks and months that we're seeing now."

    Kinda makes you think twice about publicly announcing vulnerabilities in your software before you have time to fix them, does it not?

    --
    There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
  8. open a can of whoop-ass by TheSHAD0W · · Score: 2, Interesting

    This circumstance does have some advantages; by tying themselves together financially they open the possibility for one to be traced from the other.

    It also opens the participants to criminal conspiracy charges. Can you say RICO, motherf***er?

  9. pattern, anyone? by majest!k · · Score: 2, Interesting
    i just read the article. i couldnt help but notice a striking resemblance with the agendas of Kaspersky and our very own Bush administration...

    1) spread fear, its good for business.
    2) create some fucked up 'axis of evil' shit to help further #1. ("Virus writers are combining their efforts with hackers and spammers to launch Swiss Army knife-like malware attacks on users")
    3) throw in some fuzzy math for effect. ("The company said that it was seeing 200 new viruses a day.")
    4) take a random stab at preventing free speech. ( "They work in groups that exchange information with other groups on forums and Web sites ... We need to cooperate to prevent this.")
    5) and finally, say something really stupid that goes against something tried and true thats trusted in the industry - in this case, the idea of Full Disclosure. ("We are against anyone who publishes vulnerabilities because it gives hackers a tool.")

    and to think i actually used to respect their work. maybe they should just stick to coding and save the PSA's for when they have a smarter PR rep.

    just my 2 cents.

    --
    smattawichu
  10. Re:focus change by MinutiaeMan · · Score: 2, Interesting

    I see a major problem with this, at least in some circumstances. If businesses start issuing too many warnings about vulnerabilities, at least some users might become "desensitized" to the urgent need to upgrade. Heck, already too many users don't bother upgrading until there's a big bad virus or worm out there threatening everyone.

    Of course, by the same token, if businesses start issuing more warnings (cough*MICROSOFT*cough*) then maybe more people will realize that their software of choice is a piece of sh*t and start looking for a replacement.

    I think that so far, the general effect of an increased emphasis on security has been the latter (people reconsidering options). But will it always stay that way? I don't know.

  11. Re:China: Spammers, Virus Writers, & Hackers by Long-EZ · · Score: 2, Interesting

    Close. Actually, the two things you should do are:

    1) Download and install Firefox.
    2) Delete Internet Explorer (if you can).

    On my computer, Internet Explorer is slightly faster for casual browsing than Firefox because Explorer is more tightly integrated into the operating system.

    On my computer, I'm running Linux. IE is NOT integrated into the operating system. You can't see it, but I'm doing the Superior Dance.

    If IE is integrated into your OS, there is a third thing you should do.

    3) Upgrade to Linux or Mac.

    I can't understand why everyone isn't more enraged by the fact that 80% of spam now comes from zombie Windows PCs. Lack of security hurts us all. As a society, we're far too complacent about PC security. We should take the attitude that a person's right to run an unpatched Windows box attached to a high speed cable ISP does not supersede the right of a million internet users not to drown in illegal V1aGr@ and warez spam.

    --
    >> My ultraviolent Linux switch video.